But that means that leaving your towel on a sun lounger before breakfast to reserve that sun lounger for your sole use is perfectly acceptable!

As with any other internationalized business, though... either you tailor your offering to match the requirements or lack thereof of local laws in each case, or you put together a "one size fits all" policy that incorporates the strictest interpretation of each element of local legislation in individual countries.Apple and other international businesses might complain about the complexity of either approach, but that is part of the cost of doing business in an international environment. Suck it up.

But that means that leaving your towel on a sun lounger before breakfast to reserve that sun lounger for your sole use is perfectly acceptable!

As with any other internationalized business, though... either you tailor your offering to match the requirements or lack thereof of local laws in each case, or you put together a "one size fits all" policy that incorporates the strictest interpretation of each element of local legislation in individual countries.Apple and other international businesses might complain about the complexity of either approach, but that is part of the cost of doing business in an international environment. Suck it up.

I meant german domestic definitions. What Apple has been going so far quite widely has been the Germans Abroad definitions.

As with any other internationalized business, though... either you tailor your offering to match the requirements or lack thereof of local laws in each case, or you put together a "one size fits all" policy that incorporates the strictest interpretation of each element of local legislation in individual countries.

Yes, web sites need to be careful what they show in different countries. For example, a photo in the "Victoria's Secretions" catalog might be harmless in Europe, but get your balls amputated in a Muslim Brotherhood 'hood.

I noticed that WebSphere Portal Server actually has some configuration stuff, so that you can block pages for specific areas.

After all, car makers selling cars in the United States typically will build all of their models to meet California emissions standards, even if they are more strict than the rest of the country. Seems like a similar case.

Well, the problem is that European privacy guidelines are a completely foreign concept to US data collection practices.

Ok, let's detour slightly: A typical US american has a couple of "fundamental rights", and the moment someone threatens them, get up in arms. E.g. most jurisdictions have at least a little weaker Freedom of Speech rights. Now Germany considers Privacy (and a number of related concepts releveant to IT) a fundamental Human right. As in, your data is yours. And by default companies (and even t

You don't have to- you only have to make sure its legal in the countries you sell it in. Germans aren't suing because of Apple violating their law in America, they're suing them for violating it in Germany. If you aren't willing to abide by the laws, then don't sell in that country.

You don't have to- you only have to make sure its legal in the countries you sell it in. Germans aren't suing because of Apple violating their law in America, they're suing them for violating it in Germany. If you aren't willing to abide by the laws, then don't sell in that country.

Germans are not actually suing. They don't need to sue. Parts of Apple's policy have been declared invalid, which means that legally these parts don't exist.

Sure, but that's not what's happening. They don't exist in every jurisdiction on earth, just the ones they do business in. Maybe Apple shouldn't do business in countries if it's too hard for them to obey the local laws..?

You know what I fear?
That Apple does just what you describe: Change the words of their privacy policies, but don't actually change the processes used to handle data.

But the _words_ of their privacy policy _is_ what was wrong. Nobody in Germany requested Apple to change its policies; they requested that Apple lists precisely what they do so that customers can make an educated decision whether to agree or not.

Err.. The European privacy laws are pretty much common sense. Just consider that people have the right to know what personal information is stored of them. If you are open about what information you collect, you should have no problem. But if you want to obscure what information you collect or collect more information than you openly admit, you are going to have a bad time.

Apple currently reserve the rights to snatch information that you never intended to send over the Internet form your phone and use it for whatever reasons without telling you.The German law says that they can't do that without telling you.

Strawman. You're not responsible for what happens with the data in transit to you, but you are responsible for a) what data you take from your customer (via app on the phone, for instance, reading out the phonebook) and you are responsible for what you do with the data once it has arrived at your end.

Actually, that's wrong. If you are sending the data from your application on the user's device to yourself, you're also responsible for what happens in transit: You could easily crypt the information.

If you or your system is sending me personal information, then you can assume it's been stored somewhere, multiple times, and will be used for whatever purpose forever, and can't be deleted.

The EU and most member states have strict laws forbidding that. You have to justify storing any personal data, there are limits on what you can do with it, you can't keep it forever and must delete it under certain circumstances.

If it gets transmitted in the clear, consider it stored and used for ANY purpose.

In both the EU and US that would render the intermediate nodes routing the traffic liable for its content. In order to avoid liability they must not use the data in any way, merely pass it along.

It would be like sending a message on a post card then getting mad that people can see what you wrote, copy it, and do whatever they want with the copy.

It is actually illegal to open sealed envelopes not addressed to yourself here. That's why most banks don't send statements on the back of a postcard.

The rules in question don't apply specifically to the internet. If you give an organisation your information, and they store it (relaying the information doesn't count), they have to properly represent what that information will be used for. This is to allow the individual to make an informed decision as to whether or not to perform that exchange of information.

Encrypting the information on the way to the organisation doesn't make a blind bit of difference to that, so I'm not sure why you brought that up.

Quick question: can I simply take your videogames and publish them on the App Store as my own? They're unencrypted and on the internet, so according to you I have the right to use that information as I please.

Well, how on Earth could anyone deny them this right? If you or your system is sending me personal information, then you can assume it's been stored somewhere, multiple times, and will be used for whatever purpose forever, and can't be deleted. THAT'S common sense

Maybe it's common sense where you live.
Within the EU it is without mutual agreement distinctly illegal and Germany is part of this EU, we EU citizen expect our privacy to be respected by the companies we get in touch with, even more so by those we do business with.

That's one reason the EU was created. Must be harder still in the US, with so many states. However, you can probably miss some jurisdictions. You probably only need to worry about those places you have a presence, plus maybe the local bullies (eg, the US in much of the 'West', possibly Russia if you're somewhere like Ukraine or Belarus). A western Internet company which isn't targeting or operating in China probably doesn't need to care about Chinese laws.

With organisations like the StaSi and GeStaPo in more recent German history, the protection of the individual's privacy is a serious issue in Germany.
Now and then politicians try to create another surveillance state for example to fight "child pornography", but fortunately they haven't succeeded to enact their crazy laws so far.

The German state already intrudes deeply into people's personal lives. On the other hand, in the guise of protecting "privacy", it prevents private organizations from verifying or monitoring its data collection, and it refuses to disclose what it has, how it is using it, or how it is operating.

With organisations like the StaSi and GeStaPo in more recent German history, the protection of the individual's privacy is a serious issue in Germany.

Notice the "Sta" in those organizations, as in "state"? Privacy in Germany has always been a problem of state intrusion into individual lives, and that is still rampant in Germany and voters largely don't care.

All this beating up on Google and Apple is a smokescreen to deflect from the horrible state of privacy in Germany.

Now and then politicians try to create another surveillance state for example to fight "child pornography", but fortunately they haven't succeeded to enact their crazy laws so far.

The German state already intrudes deeply into people's personal lives. On the other hand, in the guise of protecting "privacy", it prevents private organizations from verifying or monitoring its data collection, and it refuses to disclose what it has, how it is using it, or how it is operating.

Ok, firstly the Stasi is history so don't try to smear it all over contemporary issues to make some sort of point that only makes sense to a neo-cnoservative mind, there are very few people here who watch FoxNews or whatever the German equivalent of that sewage pump may be for any other purpose than to amuse themselves. Secondly, if you are going to accuse the German state of gross privacy violations name concrete examples (read: more than one) and provide details.

Actually the same EU data protection rules that apply to private companies apply to governmental organisations. In the EU in general, the organisations most frequently targetted for data protection and freedom of information breaches are public ones.

It would be interesting to know whether there is anyone who holds both of the following positions.

1. The German finding is unfair to Apple because Apple, quite reasonably, shouldn't be required to follow the law of every land in which it does business..2. Criticising Apple for caving in to the censorship requirements of the Chinese government is unfair to Apple because Apple, quite reasonably, should be required to follow the law of every land in which it does business.

If you put it like that - it's not possible, however I do hold the both those views - only each have an ammendment you didn't consider "provided they are in line with the international agreement on human rights".

As a general rule (though aside from that) I believe that whenever a company does business in another country, it should be compliant with the laws of BOTH it's parent country AND the one it operates in except where those are contradictory to the point where following one would violate the other (t

A quick google search turned up that yes, indeed you do have to follow some laws of the US when travelling abroad. I believe the underage sex one is one of the biggies (I've heard rumors that drug use is another, but I can't find anything to confirm it).

Why should it be on the people? If the company doesn't want to follow their laws, they shouldn't sell their stuff in that country. By choosing to operate in Germany, they have to follow German laws for products sold in that country. Don't like it, decide not to sell there.

The injustice here isn't to Apple, it's to other potential customers. One group of people is needlessly imposing their views of privacy on another group; instead of saying "I don't like Apple's privacy terms, so I don't use them", they say "I don't like Apple's privacy terms, so I am going to prevent you from using them as well".

Wrong. German law says that what Apple is doing is illegal, so they have to stop or they are going to be fined. And please read again what this issue is about. Apple can very well collect personal data and provide services that use them, they just have to inform customers what they are collecting and for what purpose, so the customers can make an informed decision. Their current privacy policy basically says: "We collect whatever data we want, we do whatever we want with it and reserve the right to share it with anybody". That is simply not allowed and has to change, so please enlighten us where you see any injustice.

You need to forgive him. He is American, and over there laws only apply to regular people. Not to companies, and especially not to the rich (and Apple is both of those).

Companies can ignore the law all they want, and if someone disagrees, he can stop buying their product.

The whole concept of the law applying equally to everybody is foreign to them. Not that it always work that way in Europe, but it works often enough that we are used to the concept, and don't start arguing against it when it does work.

However, you fuckers need to get bent if you think it's actually possible to comply with those laws at a technical level.

I am sure Apple devices sold in Germany are very identifiable as devices sold in Germany by Apple. I am sure each device has a unique id. It is not a technical problem to filter wich devices can collect which information but more of a problem of the will to comply with local laws.All companies will try the shortcuts first before they are told to go the long way around.It is about business efficiency. (saving a buck if you can)

Laws do not have to be possible to comply with or even logical, you still have to obey them the same. If complying with privacy laws concerning handling and collecting of sensitive data is impossible or prohibitively expensive the answer is easy, don't collect or handle the data at all, problem solved.
You can't just keep going in the same old track and claim that complying with the law is impossible or prohibitively expensive so you won't bother complying.

Uh no. Apple did nothing to cover their ass here, and that's why it's about to get bitten. They did not even attempt to cover their ass. They have to tell you what they (not unauthorized intermediate parties, you bullshit prevaricator) are doing with the data, and they aren't doing that. If anyone they're contracting can't tell them what they are doing with the data, then it's gross incompetence and possibly malfeasance as well to share data with them.

So in theory they could write: We're going to sell it/share it with [company], and be on the clear? Or am I thinking too little and the other company would also have to state what they do with such personal information?

Actually yes. The other company has to expressively state what they will use the information for. And they are not allowed to use if for anything the customer has not agreed on. And that's Apple's problem here. They actually can't tell what their contract partners will use the information for, so they can't tell their customers, as they are required by law to do. So either they don't collect the data, or they make a better job at explaining to the customer what the data is used for before collecting it.

There's a similar law in the UK, and companies generally comply with the letter. (Although I've seen some interesting ways of working around the spirit; one form I saw asked for permission to use the information in a variety of ways, which were opt-ins and opt-outs more or less at random, so you had to read it carefully to determine which boxes to tick.)

The ruling is not about connection data like IP addresses needed to establish connections.This is about the data that Apple collects outside of that: email addresses, contacts, geolocation.

If I use, say, iCalendar, obviously I allow Apple to collect and save the data of my appointments. But before Apple can share this data with third parties, they have to tell me which third parties and what data. This isn't 'the privacy policy of the internet at large'. This is Apples (and Goog

Because it seems to me that is quite clear on the intent of the company: I may use it for anything. Or you mean companies would have to add to their TOS that they may use it for: [insert long list of things], and update it

Actually, IIUC, even documenting what they do wouldn't help Apple much, as then they would be admitting to breaking the law. (That's not in the court decision, that's in Apple's mode of business.)

In particular, it is my understanding that it is illegal for Apple to collect information in Germany and transmit it to a location where the laws don't "adequately" protect the information. Like the US. And that that's one of the things they do.

It should be "on the people" because some people may not have a problem with policies and may want to do business with Apple anyway.

What's your point?The basis of the complaint was, that Apple is not transparent about what it does with the data collected.If they are transparent about it and tell the users what exactly thy are going to do with the data BEFORE any data is collected, they're basically fine.And then the users who are fine with can use those services.

But Apple, like many other companies, wants to have the right to do anything without telling what they do.

The European data protection laws lay the groundwork for users to be able to decide freely what services to use and what not.The basis for a free decision is INFORMATION.

But Apple, like many other companies, wants to have the right to do anything without telling what they do.

Hate to be a defender of Apple, but you just took shit out of your butt and added it to the argument.

The issue is that they arent telling what they do, not that they "want to have the right to do anything." These things are not mutual, so you don't get to argue as if they were.

Is it really so hard to stick to the substance here? Seriously.. it isn't... you could bash apple for a week without having to pull shit out of your ass, so why are you pulling shit out of your ass? Every time you reach for your

They want to have the right to do anything WITHOUT TELLING WHAT THEY DO.

OK I'll take what you said in its entirety at face value, without any use of rationalization to extract truth from your statement. Now there is no truth at all, because the claim you are making is false.

Anything' includes the entire set of things within imagination.

Either you want me to treat you as a sloppy statement maker that needs to be parsed with the obvious deficiencies of your vocabulary selection segregated from the rest of the stuff that you say, or you want me to presume that you arent such

It's more likely that Apple probably has very specific uses in mind for the data, but the US is an anomalously permissive environment with regards to how people's data can be handled and therefore it never occurred to them to enumerate their intended uses.

You are assuming that their current business practices are otherwise in accordance with German law. I have a very strong doubt that this is the case. So to me this sounds like a requirement that they admit that they are breaking the law. But not documenting what they are doing is also breaking the law.

(In particular, I believe that it is illegal under German law for non-anonymized data to be sent from Germany to the US, due to the US lacking acequate safegards against abuse of personal information. I co